Composition analysis: bundler_audit reports a phantom vulnerability
An MR of mine on GitLab.com inconsistently showed both 0 and 1 vulnerabilities:
Here is the content of gl-dependency-scanning-report.json:
{
  "version": "14.0.0",
  "vulnerabilities": [
    {
      "id": "85008fe3bf9c69f6acbc1b2f6f56b1540498ac7abcfc27f589ddd17357968c5f",
      "category": "dependency_scanning",
      "message": "Vulnerability in ",
      "cve": "Gemfile.lock:",
      "severity": "Unknown",
      "scanner": {
        "id": "bundler_audit",
        "name": "bundler-audit"
      },
      "location": {
        "file": "Gemfile.lock",
        "dependency": {
          "package": {}
        }
      },
      "identifiers": [],
      "links": [
        {
          "url": ""
        }
      ]
    }
  ],
  "remediations": [],
  "scan": {
    "scanner": {
      "id": "bundler_audit",
      "name": "bundler-audit",
      "url": "https://github.com/rubysec/bundler-audit",
      "vendor": {
        "name": "GitLab"
      },
      "version": "0.7.0.1"
    },
    "type": "dependency_scanning",
    "start_time": "2022-02-07T13:53:15",
    "end_time": "2022-02-07T13:53:16",
    "status": "success"
  }
}
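The finding above has no identifiers, no package name, an empty advisory link and a message that names nothing, which is why it reads as a phantom. As an added example (not part of the issue and not GitLab's or bundler-audit's own code), the script below parses a gl-dependency-scanning-report.json and separates well-formed findings from such empty entries, so a pipeline step can flag them for triage instead of letting them count as real vulnerabilities. The embedded report is constructed: its first entry mirrors the one in the issue, the second is an invented well-formed finding with placeholder identifiers.

```python
import json
import re

# Constructed sample modeled on the report in the issue above: one empty
# bundler_audit finding plus one invented, well-formed finding for contrast.
SAMPLE_REPORT = """{
  "version": "14.0.0",
  "vulnerabilities": [
    {
      "id": "85008fe3bf9c69f6acbc1b2f6f56b1540498ac7abcfc27f589ddd17357968c5f",
      "category": "dependency_scanning",
      "message": "Vulnerability in ",
      "cve": "Gemfile.lock:",
      "severity": "Unknown",
      "scanner": {"id": "bundler_audit", "name": "bundler-audit"},
      "location": {"file": "Gemfile.lock", "dependency": {"package": {}}},
      "identifiers": [],
      "links": [{"url": ""}]
    },
    {
      "id": "constructed-well-formed-finding",
      "category": "dependency_scanning",
      "message": "Vulnerability in example-gem (constructed)",
      "cve": "Gemfile.lock:example-gem:ADVISORY-PLACEHOLDER",
      "severity": "High",
      "scanner": {"id": "bundler_audit", "name": "bundler-audit"},
      "location": {"file": "Gemfile.lock",
                   "dependency": {"package": {"name": "example-gem"}, "version": "1.0.0"}},
      "identifiers": [{"type": "placeholder", "name": "ADVISORY-PLACEHOLDER",
                       "value": "ADVISORY-PLACEHOLDER"}],
      "links": [{"url": "https://example.invalid/advisory-placeholder"}]
    }
  ],
  "remediations": [],
  "scan": {"type": "dependency_scanning", "status": "success"}
}"""


def phantom_reasons(vuln):
    """Return the reasons a finding looks like an empty (phantom) entry.

    An empty list means the finding carries the minimum a triager needs:
    at least one identifier, a package name, a message naming the package,
    an advisory id in the cve field and at least one non-empty link.
    """
    reasons = []
    if not vuln.get("identifiers"):
        reasons.append("identifiers list is empty")
    package = vuln.get("location", {}).get("dependency", {}).get("package", {})
    if not package.get("name"):
        reasons.append("no package name in location.dependency.package")
    message = vuln.get("message", "").strip()
    # "Vulnerability in " ends on the bare word "in"; a real message names a gem.
    if not message or re.search(r"\bin\s*$", message):
        reasons.append("message names no package")
    if vuln.get("cve", "").rstrip().endswith(":"):
        reasons.append("cve field carries no advisory id")
    if not any(link.get("url") for link in vuln.get("links", [])):
        reasons.append("no advisory link")
    return reasons


def triage_report(report_text):
    """Split a dependency-scanning report into well-formed and phantom findings."""
    report = json.loads(report_text)
    result = {"valid": [], "phantom": []}
    for vuln in report.get("vulnerabilities", []):
        reasons = phantom_reasons(vuln)
        if reasons:
            result["phantom"].append({"id": vuln.get("id"), "reasons": reasons})
        else:
            result["valid"].append(vuln.get("id"))
    return result


if __name__ == "__main__":
    summary = triage_report(SAMPLE_REPORT)
    print(f"well-formed findings: {len(summary['valid'])}")
    for entry in summary["phantom"]:
        print(f"phantom finding {entry['id']}: {', '.join(entry['reasons'])}")
```

Run against a real report with `triage_report(open("gl-dependency-scanning-report.json").read())`; a non-empty `phantom` list is the signal to treat the scanner run as inconclusive rather than as a clean or a failed scan.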
Edited by Dinesh Bolkensteyn